Lucene search
Veracode Vulnerability DatabaseVERACODE:37595HistoryOct 19, 2022 - 2:58 a.m.
Prototype Pollution
2022-10-1902:58:45
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
browserify-shim
vulnerability
separateexposeglobals
resolve-shims.js
prototype pollution
software
EPSS
0.003
Percentile
71.4%
browserify-shim is vulnerable to prototype pollution. The vulnerability exists due to the separateExposeGlobals function in resolve-shims.js, which doesn’t restrict __proto__ or constructor keys in the supplied shim which allows an attacker to modify object prototypes.
References
github.com/advisories/GHSA-866w-wm4h-95c6
github.com/thlorenz/browserify-shim/blob/464b32bbe142664cd9796059798f6c738ea3de8f/lib/resolve-shims.js#L130
github.com/thlorenz/browserify-shim/blob/464b32bbe142664cd9796059798f6c738ea3de8f/lib/resolve-shims.js#L158
github.com/thlorenz/browserify-shim/commit/97855e622b6dcd117c77e6583701962ff45e7338
github.com/thlorenz/browserify-shim/issues/245
Related
osv
osv
thlorenz browserify-shim vulnerable to prototype pollution
2022-10-12 12:00:18
CVE-2022-37617
2022-10-11 23:15:10
github
github
thlorenz browserify-shim vulnerable to prototype pollution
2022-10-12 12:00:18
prion
prion
Code injection
2022-10-11 23:15:00
cve
cve
CVE-2022-37617
2022-10-11 23:15:10
cvelist
cvelist
CVE-2022-37617
2022-10-11 00:00:00
nvd
nvd
CVE-2022-37617
2022-10-11 23:15:10